Skip to content
This repository has been archived by the owner on Nov 16, 2018. It is now read-only.

Protect the /admin/api/advanced route #58

Open
CashWilliams opened this issue Jul 15, 2017 · 2 comments
Open

Protect the /admin/api/advanced route #58

CashWilliams opened this issue Jul 15, 2017 · 2 comments

Comments

@CashWilliams
Copy link

Currently the reservoir_ui.api.advanced route is open to the public due to https://github.com/acquia/reservoir/blob/8.x-1.x/modules/reservoir_ui/reservoir_ui.routing.yml#L41
@CashWilliams
Copy link
Author

CashWilliams commented Jul 15, 2017
edited

Note: This is a security issue, but since there is not a stable release, the module/profile is not covered by the Drupal Security Team.

@tedbow
Copy link

tedbow commented Aug 11, 2017

@CashWilliams thanks created a PR

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tedbow @CashWilliams